IN THE CLAIMS:

Please amend the claims as indicated in the complete listing of pending claims listed below.



1. (currently amended) A cryptographic method, including:
receiving at a first entity a second public key Ma;
generating at least one of a first session key Kb and a first secret Sb based on the
second public key Ma;
generating a first random nonce Nb;
encrypting the first random nonce Nb with at least one of the first session key Kb and
using at least a first password Pb and a first public key Mb the first secret Sb to
obtain an encrypted random nonce;
transmitting the encrypted random nonce from the first entity;
receiving a in response to transmitting the encrypted random nonce; and
authenticating through determining, receiving at the first entity a data signal whether
the response includes containing a correct modification of the first random
nonce Nb+1; and
if the received modification of the first random nonce Nb+1 was correctly performed
then performing at least one of
(i) opening a communication link at the first computer, and
(ii) generating a first initialization vector Ib.

2. (currently amended) The method of claim 1 which includes determining whether the
received modification was correctly performed wherein said encrypting the first
random nonce Nb includes:
generating a first secret Sb from at least the first password Pb and the first public key
Mb; and
encrypting the first random nonce Nb using at least the first secret Sb.

3. (currently amended) The method of claim 2 wherein determining whether the
received modification was correctly performed includes said authenticating includes:
checking whether the a received modification of the first random nonce Nb+1 equals
a modification of the first random nonce Nb+1 as applied to the first random
nonce Nb+1 by the first entity.



4. (currently amended) The method of claim 2 wherein determining whether the
received modification was correctly performed includes said authenticating includes:
checking whether the a received modification of the first random nonce Nb+1 less a
modification thereof as applied thereto by the first entity equals the first
random nonce Nb+1.



5. (currently amended) The method of claim 1 claim 2 wherein generating the first
session key Kb includes includes:
presenting a numeric parameter βb
generating a first random number Rb; and
setting computing the first session key Kb equal to from the second public key Ma
raised to the exponential power of the first random number Rb, modulo a
parameter βb.

6. (currently amended) The method of claim 1 claim 2 wherein generating the first
secret Sb is generated includes employing using a combining function, function fb on
at least the first password Pb and the first public key Mb.

7. (currently amended) The method of claim 6 wherein employing the combining
function, fb, includes the first secret Sb is generated generating a first public key Mb,
using the combining function fb function, fb, then being employed on a on the first
password Pb and on at least one of the second public key Ma and the first public key
Mb.

8. (currently amended) The method of claim 7 claim 2 wherein employing the
combining function, fb, on a first password Pb and on at least one of the second
public key Ma and the first public key Mb includes said generating the first secret Sb
includes:
combining the second public key Ma and the first public key Mb with the first
password Pb to produce a first result, and
hashing the first result with a secure hash.

9. (original) The method of claim 8 wherein the secure hash is a one-way hash function. 

10. (original) The method of claim 9 wherein the one-way hash function is one of the
Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and
Telegraph Hash, and the Gosudarstvennyi Standard.

11. (currently amended) The method of claim 6 claim 2 wherein said generating the first
secret Sb includes: employing the combining function, fb, includes employing a
plurality of combining functions to produce the first secret Sb, wherein each of the
plurality of combining function produces a prior result, wherein employing a first
combining function includes
generating a first public key Mb, and
employing the first combining function on a the first password Pb and on at least one
of the second public key Ma and the first public key Mb to generate a first
combined result, and
employing each subsequent combining functions includes
employing a combining function on a prior the first combined result and on at least
one of the second public key Ma, the first password Pb, and the first public
key Mb to generate a second combined result, wherein the prior result
produced by the last combining function is the first secret Sb.

12. (currently amended) The method of claim 6 claim 2 wherein encrypting the first
random nonce Nb includes employing is encrypted using a symmetrical encryption
algorithm.

13. (original) The method of claim 12, wherein the symmetrical encryption algorithm is 
one of the Data Encryption Standard and the block cipher CAST. 

14. (currently amended) The method of claim 2 claim 6 wherein encrypting the first
random nonce Nb includes superencrypting the first random nonce Nb.

15. (currently amended) The method of claim 14, wherein superencrypting the first
random nonce Nb includes includes:
superencrypting encrypting the first random nonce Nb with the first session key Kb
and at least one of the second public key Ma, a parameter a^, a parameter
a first public key Mb, the first session key Kb, a first password and the
first secret Sb to produce the first encrypted result; and
encrypting the first encrypted result using the first session key Kb.



16. (currently amended) The method of claim 1 claim 2 wherein said transmitting the
encrypted random nonce from the first entity includes includes:
transmitting to a second entity a the first public key Mb to establish the session
key at the second entity; and
wherein said authenticating includes:
decrypting the response using the first session key Kb the received signal is
encrypted based on at least one of a second session key Ka and a
second secret Sa, and wherein the second session key Ka and the
second secret Sa are based on the first public key Mb to generate a first
decrypted result; and
decrypting the first decrypted result using the first secret Sb.



17. (currently amended) The method of claim 1 claim 2, wherein the response includes
signal further includes a combination of a second random nonce Na and a
modification of the first random nonce; and wherein, subsequent to generating the
first initialization vector Ib, the method further including includes:
extracting the second random nonce Na from the response;
modifying the second random nonce Na to obtain a modified second random nonce
encrypting the modified second random nonce Na+1 with at least one of using the
first session key Kb and the first secret Sb to obtain an encrypted package; and
transmitting the encrypted package from the first computer; entity.
in response to transmitting the encrypted random nonce, receiving at the first
computer a request to open a communication channel; and
opening the communication channel.

18. (currently amended) The method of claim 17 wherein said encrypting the modified
second random nonce Na+1 includes includes:
generating a string of random bits Ib;
encrypting it with the first initialization vector Ib a combination of the string of
random bits Ib and the modified second random nonce using the first secret Sb
to generate a first result; and
encrypting the first result using the first session key Kb.

19. (currently amended) The method of claim 17 wherein the encrypted package is
transmitted for authentication of the first entity in opening communication channel is
a two-way communication channel.

20. (currently amended) A computer readable storage medium containing executable 
computer program instructions which, when executed, cause a first computer system 
to perform a cryptographic method including: 

receiving at the first computer system a second public key Ma;
generating at least one of a first session key Kb and a first secret Sb based on the
second public key Ma;
generating a first random nonce Nb;
encrypting the first random nonce Nb with at least one of the first session key Kb and
using at least a first password Pb and a first public key Mb the first secret Sb
to obtain an encrypted random nonce;
transmitting the encrypted random nonce from the first computer system;
authenticating through determining whether a in response to transmitting the
encrypted random nonce, receiving at the first computer system a data signal
includes containing a correct modification of the first random nonce Nb+1;
if the received modification of the first random nonce Nb+1 was correctly performed
then performing at least one of
(i) opening a communication link at the first computer system and
(ii) generating a first initialization vector Ib.

21. (currently amended) A distributed readable storage medium containing executable
computer program instructions which, when executed, cause a first computer system
and a second computer system to perform a computer cryptographic method through
a network, the method comprising:
receiving at the first computer system a second public key Ma;
generating at the first computer system at least one of a first session key Kb and a first
secret Sb based on the second public key Ma;
generating at the first computer system a first random nonce Nb;
encrypting at the first computer system the first random nonce Nb with at least one of
the first session key Kb and using at least a first password Pb and a first public
key Mb the first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce and the first public key Mb from the first
computer system to the second computer system to establish the session key at
the second computer system;
receiving at the first computer system from the second computer system a in response
to transmitting the encrypted random nonce; and
authenticating the second computer system at the first computer system through
determining, receiving at the first computer system a data signal whether the
response includes containing a correct modification of the first random nonce
Nb+1; and
if the received modification of the first random nonce Nb+1 was correctly performed
then performing at least one of
(i) opening a communication link between the first computer system and the
second computer system, and
(ii) generating a first initialization vector Ib.

22. (currently amended) A computer system for performing a cryptographic method 
through a network, the computer system comprising: 
a processor; 

a network interface coupled to the network and coupled to the processor, the network
interface receiving a page to receive a request including information on at
least one of a user identification and a user password; and
a file-storage device coupled to the processor, the file-storage device to store storing
copies of at least one of a user identification and a user password
corresponding to the user identification under control of a file management
system, and wherein the processor is to perform performs a method, including
including:
receiving at the processor a second public key Ma through the network
interface;
generating at least one of a first session key Kb and a first secret Sb based on
the second public key Ma;
generating a first random nonce Nb;
encrypting the first random nonce Nb with at least one of the first session key
Kb and using at least the user password and a first public key Mb the
first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce from the processor and the first
public key Mb through the network interface;
authenticating through determining whether a in response to transmitting the
encrypted random nonce, receiving at the processor a data signal
containing includes a correct modification of the first random nonce
Nb+1; and
if the received modification of the first random nonce Nb+1 was correctly
performed then performing at least one of
(i) opening a communication link at the processor and
(ii) generating a first initialization vector Ib.

23. (currently amended) The computer system of claim 22 wherein the network may be is
a network operating according to a hypertext transfer protocol; and the first public
key Mb is transmitted with the encrypted random nonce for session key exchange.

24. (currently amended) A cryptographic method, comprising: 

receiving at a first entity a second public key Ma and a and an encrypted second
random number Na encrypted with a second password Pa;
generating at least one of a first session key Kb and a first secret Sb based on the
second public key Ma;
decrypting, employing using at least a first password Pb and the second public key
Ma, to retrieve the a second random number Na from the encrypted second
random number Na encrypted with the second password Pa;
modifying the second random number Na to obtain a modified second random
number Na+1;
encrypting the modified second random number Na+1 with using at least one of the
first password Pb and a first public key Mb first session key Kb and the first
secret Sb to obtain an encrypted random package; and
transmitting the encrypted random package from the first entity; and
in response to transmitting the encrypted random package, at least one of
(i) receiving at the first entity a request to open a communication link, and
(ii) receiving at the first entity an encrypted data package.



25. (currently amended) The method of claim 24, wherein said decrypting includes:
decrypting receiving the encrypted second random number Na using the first session
key Kb to generate a first decrypted result; and
decrypting the first decrypted result using at least the first password Pb and the
second public key Ma encrypted with the second password Pa includes
receiving the second random number Na superencrypted with the second
password Pa and at least one of the second password Pa, the second public
key Ma, a parameter Oa, and a parameter fig.



26. (currently amended) The method of claim 24 wherein said generating the first session
key Kb includes includes:
presenting a numeric parameter
generating a first random number Rb, and
computing setting the first session key Kb equal to from the first second public key
Ma raised to the exponential power of the first random number Rb, modulo a
parameter βb.



27. (currently amended) The method of claim 24 wherein said decrypting includes:
generating the a first secret Sb includes employing using a combining function
function, fb on at least the first password Pb and the second public key Ma,



28. (currently amended) The method of claim 27 wherein the first secret Sb is generated
employing the combining function, includes
generating a first public key Mb, and
using the combining fb function, fb, on a the first password Pb and on at
least one of the second public key Ma and the first public key Mb.

29. (currently amended) The method of claim 28 wherein said generating the first secret
Sb employing the combining function, fb, on a first password and on at least one
of the second public key Ma and the first public key Mb includes includes:
combining the second public key Ma and the first public key Mb with the first
password Pb to produce a first result, and
hashing the first result with a secure hash.

30. (original) The method of claim 29 wherein the secure hash is a one-way hash 
function. 

31. (original) The method of claim 30 wherein the one-way hash function is one of the
Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and
Telegraph Hash, and the Gosudarstvennyi Standard.

32. (currently amended) The method of claim 27 wherein employing the combining
function, fb, includes employing a plurality of combining functions to produce said
generating the first secret Sb, wherein each of the plurality of combining function
produces a prior result, wherein employing a first combining function includes
includes:
generating a first public key Mb, and
employing the first combining function on a the first password Pb and on at least one
of the second public key Ma and the first public key Mb to generate a first
combined result, and
employing each subsequent combining functions includes
employing a combining the first combined result function on a prior result and on at
least one of the second public key Ma, the first password Pb, and the first
public key Mb to generate a second combined result, wherein the prior result
produced by the last combining function is the first secret Sb.

33. (currently amended) The method of claim 24, wherein said encrypting the modified
second random number Na+1 includes superencrypting the modified second random
number Na+1.

34. (currently amended) The method of claim 24, further including:
generating a first random number Nb wherein; and
wherein said encrypting the modified second random number Na+1 includes
includes:
encrypting as a first data signal a combination of the first random number Nb
and the modified second random number Na+1, and wherein
receiving at the first computer an encrypted data package includes receiving a second
data signal encrypted to at least one of a second session key Ka and a second
secret Sa, the second data signal including a second initialization vector Ia and
a modified first random nonce Nb+1;
retrieving the modified first random nonce Nb+1 from the encrypted data package;
and
if the retrieved modification of the first random nonce Nb+1 less was correctly
performed then
sending from the first entity a request to open a two way communication channel.

35. (currently amended) The method of claim 34 which includes further includes:
receiving at the first entity a response to the encrypted random package;
decrypting the response to obtain a combination of a string of random bits and a
modified first random nonce; and
retrieving the modified first random nonce from the combination of the string of
random bits and the modified first random nonce;
determining whether the retrieved modified first random nonce modification was
correctly performed modified from the first random number Nb.

36. (currently amended) The method of claim 35 wherein said determining whether the
retrieved modification modified first random nonce was correctly modified performed
includes includes:
checking whether the retrieved modification of the modified first random nonce Nb+1
equals a modification of the first random nonce as applied to the first random
nonce Nb+1 by the first entity.

37. (currently amended) The method of claim 35 wherein said determining whether the
received modification modified first random nonce was correctly modified performed
includes includes:
checking whether the received modification of the modified first random nonce Nb+1
less a modification thereof as applied thereto by the first entity equals the first
random nonce Nb+1.

38. (currently amended) A computer readable storage medium containing executable 
computer program instructions which, when executed, cause a first computer system 
to perform a cryptographic method including:
receiving at the first computer system a second public key Ma and a and an encrypted
second random number Na encrypted with a second password Pa;
generating at least one of a first session key Kb and a first secret Sb based on the
second public key Ma;
decrypting, using at least employing a first password Pb and the second public key
Ma, to retrieve the second random number Na from the encrypted second
random number Na encrypted with the second password Pa;
modifying the second random number Na to obtain a modified second random
number Na+1;
encrypting the modified second random number Na+1 with using at least one of the
first session key Kb and the first secret Sb the first password Pb and a first
public key Mb to obtain an encrypted random package;
transmitting the encrypted random package from the first computer system for
authentication; and
in response to transmitting the encrypted random package, at least one of
(i) receiving at the first computer system a request to open a communication
link, and
(ii) receiving at the first computer system an encrypted data package.

39. (currently amended) A distributed readable storage medium containing executable 
computer program instructions which, when executed, cause a first computer system 
and a second computer system to perform a cryptographic method through a network, 
the method including: 
receiving, from the second computer system and at the first computer system, a
second public key Ma and a and an encrypted second random number Na
encrypted with a second password Pa;
generating at least one of a first session key Kb and a first secret Sb based on the
second public key Ma;
decrypting, using at least employing a first password Pb and the second public key
Ma, to retrieve the a second random number Na from the encrypted second
random number Na encrypted with the second password Pa;
modifying the second random number Na to obtain a modified second random
number Na+1;
encrypting the modified second random number Na+1 with using at least one of the
first session key Kb and the first secret Sb the first password Pb and a first
public key Mb to obtain an encrypted random package;
transmitting the encrypted random package from the first computer system to the
second computer system; and
in response to transmitting the encrypted random package, at least one of
(i) receiving at the first computer system a request to open a communication
link, and
(ii) receiving at the first computer system an encrypted data package.

40. (currently amended) A computer system for performing a cryptographic method 
through a network, the computer system comprising: 
a processor; 

a network interface coupled to the network and coupled to the processor, the network
interface receiving a page to receive a request including information on at
least one of a user identification and a user password; and
a file-storage device coupled to the processor, the file-storage device to store storing
copies of at least one of a user identification and a user password associated
with the user identification under control of a file management system, and
wherein the processor performs is to perform a method, including
receiving at the processor a second public key Ma and a and an encrypted
second random number Na encrypted with a second password Pa
through the network interface;
generating at least one of a first session key Kb and a first secret Sb based on
the second public key Ma;
decrypting, using at least employing a first password Pb and the second public
key Ma, to retrieve the second random number Na from the encrypted
second random number Na encrypted with the second password Pa;
modifying the second random number Na to obtain a modified second random
number Na+1;
encrypting the modified second random number Na+1 with using at least one
of the first session key Kb and the first secret Sb the first password Pb
and a first public key Mb, to obtain an encrypted random package;
transmitting the encrypted random package from the processor through the
network interface; and
in response to transmitting the encrypted random package, at least one of
(i) receiving at the processor a request to open a communication link,
and
(ii) receiving at the processor an encrypted data package.

41. (currently amended) The computer system of claim 40 wherein the network may be is
a network operating according to a hypertext transfer protocol; and the first public
key Mb is transmitted for session key exchange before the encrypted second random
number is received.
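
The exchange recited in claims 2, 3, 5, 8, 15 and 16, run end to end from the first entity's side, as an added sketch that is not part of the filing and not the applicant's implementation. Assumptions: the base ALPHA and 127-bit demo modulus, SHA-256 as the secure hash, a keystream XOR standing in for the symmetrical cipher, "+1" as the nonce modification, and all function names, which are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo group (assumption): BETA is the Mersenne prime 2^127 - 1 and
# ALPHA a small base. The claims only name a modulus parameter.
BETA = 2**127 - 1
ALPHA = 3
NONCE_BYTES = 16
NONCE_MOD = 2 ** (8 * NONCE_BYTES)


def int_bytes(n: int) -> bytes:
    return n.to_bytes(NONCE_BYTES, "big")


def keypair():
    """Random exponent R and public key M = ALPHA^R mod BETA."""
    r = secrets.randbelow(BETA - 3) + 2
    return r, pow(ALPHA, r, BETA)


def session_key(peer_public: int, r: int) -> bytes:
    """Claim 5: peer public key raised to the random number, modulo the parameter."""
    return int_bytes(pow(peer_public, r, BETA))


def secret(m_a: int, m_b: int, password: str) -> bytes:
    """Claim 8: combine both public keys with the password, then hash the result."""
    return hashlib.sha256(int_bytes(m_a) + int_bytes(m_b) + password.encode()).digest()


def xor_cipher(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (encrypt == decrypt): XOR with a SHA-256 keystream.
    The label separates directions so one key never reuses a keystream."""
    stream = hashlib.sha256(key + label).digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def superencrypt(s: bytes, k: bytes, label: bytes, data: bytes) -> bytes:
    """Claim 15: encrypt under the secret first, then under the session key."""
    return xor_cipher(k, label, xor_cipher(s, label, data))


def superdecrypt(s: bytes, k: bytes, label: bytes, data: bytes) -> bytes:
    """Claim 16: decrypt with the session key first, then with the secret."""
    return xor_cipher(s, label, xor_cipher(k, label, data))


def second_entity_reply(r_a, m_a, password_a, m_b, encrypted_nonce):
    """Second entity: recover the nonce, apply the modification (+1), send it back."""
    k = session_key(m_b, r_a)
    s = secret(m_a, m_b, password_a)
    n_b = int.from_bytes(superdecrypt(s, k, b"req", encrypted_nonce), "big")
    return superencrypt(s, k, b"resp", int_bytes((n_b + 1) % NONCE_MOD))


def authenticate(password_b: str, password_a: str) -> bool:
    """First entity's view of the exchange; True when the reply holds nonce + 1."""
    r_a, m_a = keypair()                 # second entity's key pair; M_a is received
    r_b, m_b = keypair()
    k_b = session_key(m_a, r_b)
    s_b = secret(m_a, m_b, password_b)
    n_b = secrets.randbits(8 * NONCE_BYTES)
    challenge = superencrypt(s_b, k_b, b"req", int_bytes(n_b))
    # The challenge and M_b are transmitted; the second entity answers.
    reply = second_entity_reply(r_a, m_a, password_a, m_b, challenge)
    received = superdecrypt(s_b, k_b, b"resp", reply)
    expected = int_bytes((n_b + 1) % NONCE_MOD)      # claim 3 comparison
    return hmac.compare_digest(received, expected)
```

The keystream XOR is unauthenticated and the group is far too small for real use; a deployment would substitute a vetted cipher and group while keeping the same message order.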